The importance of improving supply chain security in open source
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem. ⌘ Read more
❤️ 🎶: Divine Attack - Shingeki - by BABYMETAL
Resolve Vulnerabilities Sooner With Contextual Data
OpenSSL 3.0.7 and “Text4Shell” might be the most recent critical vulnerabilities to plague your development team, but they won’t be the last. In 2021, critical vulnerabilities reached a record high. Attackers are even reusing their work, with over 50% of zero-day attacks this year being variants of previously-patched vulnerabilities. With each new security vulnerability, we’re […] ⌘ Read more
How Lunduke handles conflict, personal attacks, & political differences in the Tech industry
Listen now (51 min) | The Lunduke Journal Podcast - September 7, 2022 ⌘ Read more
New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more
Thanks for the feedback! This site was designed to look perfect on good old 800x600 monitors (I even left a comment next to the meta tag). Maybe I’ll add a mobile-friendly version someday :-) P.S. Nice try with SQL injection, haha. Do you have any plans for XSS attacks? :D
**Apparently, there are still those who are able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”
This “economy first” approach is naive: the climate crisis attacks the economy too:
https://www.weforum.org/agenda/2021/06/impact-climate-change-global-gdp/**
Lone surviving attacker in Paris massacre guilty of murder, jailed for life
Islamic State extremist Salah Abdeslam was given the most severe sentence possible for his role in the deadly 2015 bombings and shootings that killed 130 people. ⌘ Read more
Russia’s Putin visits ‘friendly’ Central Asia on first trip abroad during war
Russia has been at pains to show it’s not under international isolation despite unprecedented US and European sanctions imposed over its attack on Ukraine. ⌘ Read more
Hindu man beheaded in India over support for Prophet Mohammed remarks
The victim was a tailor who shared a social media post supporting former BJP spokeswoman Nupur Sharma, according to local media. A video of the attack was widely shared online. Two men have been arrested. ⌘ Read more
US urged to plan minelaying campaign to halt mainland Chinese attack on Taiwan
A US navy commander suggests that laying mines in the Yellow Sea and Pearl River Delta could help bring Beijing to the negotiating table. ⌘ Read more
Russian missiles hit crowded shopping centre in Ukraine, Zelensky says
More than 1,000 people were in the shopping centre at the time of the attack, according to President Volodymyr Zelensky. ‘It is impossible to even imagine the number of victims’, he said. ⌘ Read more
Violence against women in China: outrage over video of furious attack by teen boy on secondary schoolgirl classmate after a board game dispute
A wave of public outrage has spread across social media in mainland China after the emergence of a graphic video of a boy violently attacking a female secondary school classmate. ⌘ Read more
Call reveals Russia’s Putin told Macron he ‘wanted to play ice hockey’ on eve of Ukraine invasion
The final call between the French and Russian leaders just four days before Putin ordered the attack on Ukraine is filled with tension and bizarre moments. ⌘ Read more
China ‘no-limits’ vow with Russia raises Pentagon urgency to prepare for Guam attack: US commander
‘Extremely dangerous’ if Beijing and Moscow were to make good on recent doubling down of partnership, says US Indo-Pacific Commander John Aquilino. ⌘ Read more
Hong Kong chauffeur acquitted on charge of inciting members of drivers’ WhatsApp group to attack police with machetes
District Court accepts Fong Man-ho’s defence that he was merely venting his frustration at police’s handling of 2019 protests and posted remarks on impulse. ⌘ Read more
Chinese security official calls for crackdown on gangs following Tangshan attack
The political and legal affairs chief urges authorities to ‘fight against evil’ in the wake of a brutal assault on women in northern China. ⌘ Read more
US Capitol riot hearings to take break as new evidence floods in
Lawmakers investigating the January 6 attack have received a glut of new video footage of Trump and his family from a documentary filmmaker. ⌘ Read more
Ukraine says it hit Black Sea oil platform used by Russia’s troops
The attack was the first such strike against offshore energy infrastructure in Crimea since the start of Moscow’s invasion in February. ⌘ Read more
Police officer fired and 5 placed under investigation over attack on women in Chinese city of Tangshan
A deputy district commander was dismissed from his post with the others being investigated by the local disciplinary watchdog ⌘ Read more
Hong Kong protests: 2 teenagers sentenced to correctional training, hard labour for vandalising bakery during 2019 protests
Student, 18, and boy, 15, plead guilty to count of criminal damage for attack on Arome Bakery in Tseung Kwan O Plaza. ⌘ Read more
Cloudflare and the Web sites it uses to perform MiTM attacks are down in many places around the world. Rejoice!
Beijing is likely to step up its campaign to ‘reunify’ with Taiwan, analysts say
Chance of an armed conflict is higher than five years ago as PLA ‘will soon be equipped with the tools needed’ to attack the island, analyst says. ⌘ Read more
Woman arrested for making anti-Asian remarks, pepper spraying 4 people in New York
Madeline Barker was charged with hate crimes over the June 11 attack in which she pepper-sprayed four Asian women. ⌘ Read more
Tangshan restaurant attack suspect was wanted by Chinese authorities over previous crimes
One of the men accused of attacking women in a restaurant was named as a fugitive in court records over a previous assault. ⌘ Read more
Chinese destroyer on long-distance exercises in Sea of Japan, to deter ‘attack on Taiwan’
Japan’s Defence Ministry said 3 ships were spotted on Sunday travelling toward Sea of Japan. Global Times reported the mission was part of China’s military build-up aimed at deterring a foreign intervention in the event of an attack on Taiwan. ⌘ Read more
‘No basis’ for attack fears in China’s new rules for PLA activities
Regulation covers PLA missions from disaster relief to humanitarian aid and peacekeeping, as well as its response to political crises at home and overseas. ⌘ Read more
Indian forces in Kashmir kill militants suspected of targeted shooting, part of increased counter-insurgency effort
It’s believed they were Kashmir Freedom Fighters who claim responsibility for shooting a bank manager this month. At least 16 people – both Hindu and Muslims – have been killed in targeted attacks in Kashmir this year. ⌘ Read more
https://www.hertzbleed.com/ side-channel attack
d65536
⌘ Read more
npm security update: Attack campaign using stolen OAuth tokens
npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings. ⌘ Read more
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users. ⌘ Read more
How to secure your end-to-end supply chain on GitHub
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user accounts, commonly used dependencies, and also build systems. Defending against these attacks is hard, because there’s no one thing you can do to protect your […] ⌘ Read more
Spacecraft Debris Odds Ratio
⌘ Read more
not the best move on the side of the red cross to call me and tell me it’s because of my blood donation — i nearly had a panic attack for the 10 seconds that they didn’t tell me it was all fine (why would you call me then‽ and why speak as if you’re going to tell me i’ll be dead in a month‽)
Vulnerability Alert: Avoiding “Dirty Pipe” CVE-2022-0847 on Docker Engine and Docker Desktop
You might have heard about a new Linux vulnerability that was released last week, CVE-2022-0847, aka “Dirty Pipe”. This vulnerability overwrites supposedly read-only files in the Linux kernel host, which could enable attackers to modify files inside the host images from the container instance. If you use Docker Engine natively, we recommend you should update … ⌘ Read more
Conservative leadership race turns nasty between Poilievre and Brown
Encoding and escaping untrusted data to prevent injection attacks
Practical tips on how to apply OWASP Top 10 Proactive Control C4. ⌘ Read more
My public VPS is now only accessible via SSH from my tailnet. One more possible attack vector less. ⌘ Read more
friendlyjordies Attacks Labor ⌘ Read more
Securing the Software Supply Chain with Docker Business
Organizations are increasingly facing new challenges in trying to protect their software supply chain. This has become especially difficult as the workforce has transitioned to a more distributed model with organizations scaling and onboarding more developers on distributed teams. With the number of software supply-chain attacks increasing by 650% in 2021, coordinating all of these […]
The post [Securing the Software Su … ⌘ Read more
Trojan source attacks
3 points posted by kenny ⌘ Read more
Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain. This is where some piece of software that you use […]
The post Notary v2 Project Update appeared first on Docker Blog. ⌘ Read more
Docker is Updating and Extending Our Product Subscriptions
Docker is used by millions of developers to build, share, and run any app, anywhere, and 55% of professional developers use Docker every day at work. In these work environments, the increase in outside attacks on software supply chains is accelerating developer demand for Docker’s trusted content, including Docker Official Images and Docker Verified Publisher […]
The post [Docker is Updating and Extending Our Product Subscriptions](https:/ … ⌘ Read more
just to make clear: people who actually identify as attack helicopters are unironically valid
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s why Docker continues to invest heavily in our developer tools like Docker Desktop […]
The post [Building a healthy and secure software supply chain](https://www.d … ⌘ Read more
Hippo Attacks ⌘ Read more…